Azure移动应用程序自定义身份验证

Azure移动应用程序自定义身份验证

本文介绍了Azure移动应用程序自定义身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用MobileServiceClient的LoginAsync(string provider, JObject token)重载来实现自定义身份验证.我有一个像这样的自定义身份验证控制器

I'm trying to implement custom auth using the LoginAsync(string provider, JObject token) overload of MobileServiceClient. I'have a custom auth controller like this

[MobileAppController]
public class CustomAuthController : ApiController
{
   public async Task<IHttpActionResult> Post([FromBody] JObject assertion)
  {
    ...
  }
}

在后端启动中,我设置了路由

and inside backend startup I set the route

config.Routes.MapHttpRoute("CustomAuth", ".auth/login/CustomAuth",new { controller = "CustomAuth" });

在客户端,呼叫是:

var credentials = new JObject
{
    ["email"] = username,
    ["password"] = password
};
MobileServiceUser user;
try
{
    user = await MobileService.LoginAsync("CustomAuth", credentials);
}
catch (Exception ex)
{
    Debug.WriteLine(ex.Message);
    throw;
}

我认为这都是正确的,但是我无法使用LoginAsync方法调用控制器(在调试中,我在控制器的第一条指令上设置了一个断点).而且我什至看不到异常,因为它从未实现过catch阻止.但是我可以使用Postman例如将请求发送到CustomAuthController,在这种情况下,可以达到调试断点...我不明白为什么!我正在尝试调试LoginAsync(使用MobileServiceTokenAuthentication)反编译的代码,但未成功...请帮助!在后端,我的自定义身份验证是使用auth0委托api进行的.

I think all it's correct but I cannot call the controller with LoginAsync method (in debug I set a breakpoint on first instruction of controller).And I connot even see the exception because the catch block it's never reached.But I can send request to CustomAuthController using Postman for example and in this case the debug breakpoint is reached...I don't understand why!!I'm trying to debug LoginAsync (that uses MobileServiceTokenAuthentication) decompiled code without success...please help!On backend side my custom authentication is made with auth0 delegation api.

推荐答案

您将需要从控制器代码中删除[MobileAppController]属性.此属性增加了一个要求,即调用必须包含版本标头,并且客户端SDK不会为登录方法发送这些标头.或者,您可以在客户端上使用委派处理程序来注入此标头,但是服务器端更改将涉及较少的代码.在自定义身份验证的上下文中,该属性没有提供我可以想到的任何好处,因此应该安全删除.

You will need to remove the [MobileAppController] attribute from the controller code. This attribute adds a requirement that the call include a version header, and the client SDK does not send these for the login methods. Alternatively you could use a delegating handler on the client to inject this header, but the server-side change will involve less code. In the context of custom auth, the attribute isn't providing any benefit that I can think of, so it should be safe to remove.

这篇关于Azure移动应用程序自定义身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-05 14:41